One of the key measures to reduce the spread of Coronavirus COVID-19 is social distancing, which for many organisations means encouraging—or instructing—staff to work from home.
But moving at short notice from a trusted office environment to working remotely can create security risks. On top of this, nasty opportunist crooks are already using the coronavirus as subject matter for their phishing scams, hoping that the unwary will click through and hand over passwords or other data.
With the rapid increase in remote working in mind, the European Union Agency for Cybersecurity (ENISA) has set out a series of recommendations for companies moving to teleworking as a result of COVID-19.
ENISA said it had already seen an increase in coronavirus-related phishing attacks. The agency recommends, as far as possible, that workers try to not mix work and leisure activities on the same device and be particularly careful with any mails referencing the coronavirus. "Attackers are exploiting the situation, so look out for phishing emails and scams," ENISA said.
The agency also warned remote workers to be suspicious of any emails asking them to check or renew their passwords and login credentials, even if they seem to come from a trusted source.
"Please try to verify the authenticity of the request through other means, do not click on suspicious links or open any suspicious attachments," it said.
ENISA also warned workers to be suspicious of emails from people you don't know—especially if they ask to connect to links or open files. Phishing messages try to create an impression of urgency in order to panic you into clicking on a link, it said. Emails sent from people you know but who are asking for unusual things are also suspect, the agency said—so double check by phone if possible. The UK's National Cyber Security Centre has also issued a similar warning about coronavirus-themed phishing attacks.